Aurora, CO - Need Locals
Summary: The Information Security Office (ISO) is seeking a professional with information security, technology risk assessment, technology audit, or legal experience to join our team. Business Operations Security Analysts work within the ISO's Engagement team but are embedded within city departments to evaluate and consult on information security and privacy risk of business drivers and technology. This position will engage all levels of the business to identify risk and work directly with business leadership and the CISO to design and execute on remediation projects and build processes that will support the CAO's compliance with industry, legal, as well as policy, security, and privacy requirements.
The role will report to the CISO, with a dotted line of responsibility to the department head. This role will work with the City Attorney's Office (CAO) directly and will lead the Risk & Compliance team in fulfilling Colorado Open Records Act and eDiscovery requests on behalf of the IT Department. This position is a senior-level analyst position due to experience required in building a program, strong interpersonal and documentation skills required, and preference for CAO experience.
WHY WORK FOR THE CITY OF AURORA?
- Work flexibility including on site, hybrid, and telework options
- Competitive total compensation package
- Well-Funded General Employees Retirement Plan
- Light rail station minutes away
- On-site fitness center and overall employee well-being programs
- Internal educational programs to assist with career advancement
- You will work with 20+ vastly different business lines within a City that is aggressively innovating around its technology and business strategies.
- A chance to make a difference. You're not protecting a dollar, you're protecting people
DAY TO DAY EXPECTATIONS?
- He'll build the foundation for the City's Information Security Office's Engagement division. You'll drive adoption of good security hygiene practices by building strong business relationships, understanding the business risk and needs, and collaborating with the business as a trusted subject matter expert to support them as they adopt innovative technologies.
- He'll drive education and awareness for the business, industry, and our community through the development of training materials/content and delivery of training to staff as needed.
- He will work with CAO leadership and the CISO to develop metrics and reporting, as well as quarterly Customer Business Reviews (CBRs) to inform the business and ISO on program efficacy and effectiveness, as well as identify risks and solutions.
- He will manage the open record requests and eDiscovery hold requests for the IT department and engage the CAO and business stakeholders to ensure successful response to requests.
- He will work with CAO leadership and the CISO in development and execution of their business strategies and roadmaps, identifying requisite security control requirements, forecasting implementation costs, TCO, ROI and the level of effort to implement and sustain.
- He will perform security and privacy risk assessments of CAO infrastructure and provide reporting of findings and recommendations for resolution. You will track risk findings and support the CAO, Security Operations, Enterprise Infrastructure and Public Safety teams to properly address.
- He will be the subject matter expert (SME) for security during internal and external audits, working with the CISO, Risk and Compliance, and CAO leadership to ensure audit requests are fulfilled and findings addressed.
- He will regularly engage the CAO, Security Operations, Enterprise Infrastructure and Enterprise Applications teams to resolve issues and be a champion of business change to ensure good security hygiene is foundational to everything you do.
- The successful candidate will be able to translate legal and regulatory technical requirements into business language.
- He will work alongside the Security Operations and Risk & Compliance divisions to ensure existing ISO platforms are deployed, tuned, and effective in meeting governance requirements. You will be a key member in the design and implementation of security controls to meet this objective.
- He will perform ongoing learning and research to identify new technology and ensure the ISO is prepared to address and secure those technologies.
- This position will report directly to the CISO but will have a dotted line reporting to the City Attorney or their designee.
- He will be responsible for evaluating the CAO's systems, policies, and processes to ensure compliance with the requirements and standards applicable to securing the CAO's business.
- Stay up to date with relevant legislation, industry standards, and best practices.
- Respond to emergencies and other incidents as required and participate in investigations and remediation efforts.
- He will support CAO leadership as they develop technology strategy, including liaising with IT and ISO colleagues to help the CAO drive innovative change in technologies and processes, and ensure the architecture is developed with security-by-design methods to meet compliance and business requirements for confidentiality, availability, and integrity.
- He will meet regularly with CAO leadership to understand the department's current and future needs.
Education
Minimum Qualifications:
Bachelor's degree OR four (4) years of directly relatable experience OR a combination of both equal to four years.
Experience
Required Experience and Skills:
- He will have an extensive background in information security.
- Experience in regulatory compliance or legal practice.
- Must be a self-starter and a life-long learner.
- Must be a critical thinker who believes security can be an enabler of business.
- Well-developed interpersonal and communication skills.
- Conflict resolution skills.
- Strong documentation skills
- Strong communication skills
- Excellent analytical, problem-solving, and decision-making skills.
Preferred Experience And Skills
- He will preferably have prior experience performing security for a law firm or other legal organization.
- Prior experience using Microsoft Purview.
- eDiscovery experience
- Risk assessment experience.
- Knowledge of cloud-based technology
- Experience in IT audit
- Experience in technical writing and/or report writing
- An applicable security certification such as CISSP, CISA, Security+, or comparable.
- An applicable privacy or legal certification or comparable education